PH Privacy

On 29 March 2019, MPs in the UK rejected the government’s Withdrawal Agreement with a vote of 344 to 286, a margin of 58. This means the UK has missed an EU deadline to delay Brexit to 22 May and faces a new deadline of 12 April to come up with a way forward or leave without a deal.

Amid amplified calls for a national data privacy standard, the Federal Trade Commission (“FTC”) recently announced proposed amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act (“GLBA”) for financial services—inviting both praise and concern from industry experts.

The European Commission published its second annual review of the Privacy Shield agreement today, largely repeating what it said last year, that the regime is “ok” but could be better. It confirmed that it was happy the US ensures an adequate level of protection for personal data transferred under the arrangement, and has made some improvements, but progress is slow and there is more work to do.

The Privacy Act, which mandates several similar requirements to the General Data Protection Regulation (“GDPR”) that took effect in late May in the European Union, will have a substantial impact on the way companies store, share, disclose, process, and engage with consumer data in the United States.

On July 5, 2018, the Members of European Parliament (MEP) passed a non-binding resolution, 303 to 223 votes, with 29 abstentions to suspend the Privacy Shield Framework (“Privacy Shield”) “unless the U.S. is fully compliant” by September 1, 2018.

On Friday, June 22, Chief Justice Roberts, along with Justices Ginsburg, Breyer, Sotomayor and Kagan, wrote the majority opinion, holding that the government’s acquisition of historic cell-site location information (HCSLI) – at least to the extent it includes 7 days or more of cell-site records – was a search and thereby required a warrant.

The long-running saga of LabMD’s battle with the Federal Trade Commission may be nearing its end. As readers of our blog posts are aware, the now-defunct medical testing company has been fighting with the FTC over allegations that its data security practices were “unfair” for several years. Last week, the 11th Circuit issued a decision finding that the commission’s order against the company was enforceable because it did not enjoin a specific act or practice and was too vague.

Max Schrems, a European privacy activist - best known for bringing down “Safe Harbour” – has filed complaints against four of the biggest US tech giants under the new EU General Data Protection Regulation (GDPR). According to Max Schrem’s non-profit organisation, None of Your Business, the complaints were filed on Friday 25 May, coincidentally (some might argue too coincidentally), the very first day of GDPR’s entry into force; and are said to be worth a combined total of over EUR 7 billion, in maximum imposable penalties.

On March 23, 2018, President Trump signed into law, as part of a broader spending bill, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which enacted crucial statutory changes affecting law enforcement access to data stored by online service providers.

On Friday, March 16, 2018, the U.S. Court of Appeals for the D.C. Circuit issued its ruling in ACA International v. FCC, which set aside two major components of a 2015 Federal Communications Commission (“FCC” or “Commission”) Declaratory Ruling and Order (“Order”) intended to clarify the Commission’s position on the Telephone Consumer Protection Act (“TCPA”).